The Soft Underbelly: Attacking the Client

The situation today has not changed much since 1998. Most security initiatives still concentrate on the firewalls and other border devices, and virus defence is the only area where a low level of penetration has been achieved in securing each individual client.

None of this is news, though the extent of the danger is beginning to surface slowly, as more and more security experts point to the problem. Nevertheless, I believe strongly that the threat is still being underestimated, even by those who condemn perimeter defences.

I have recently pointed out in [Vogt] that even a large corporate network can be destroyed in minutes, once an entry point has been gained and malicious code of sufficient quality has been brought inside. [Hanson] elaborated and strengthened this point using past worms as the example.

The entire point of this analysis is that any breach of the perimeter is potentially fatal, no matter how small it is, if the interior network is soft. In my paper, a single compromised machine brought down 98% of a class B network in less than a minute. I know of no current or under-development defence systems that could defend against this kind of attack. Most importantly, as the worm is saturating the network, any kind of central defence mechanism will be slowed down by the very attack it should be fighting.

The entire scenario is a typical one-vs-many problem. A centralized defence against a clever worm optimized for private networks will simply be overwhelmed by the sheer number of attackers, which are multiplying at dazzling speed. As with any disease, stopping it early is the only realistic defence. Immunization of the potential victim is the most reliable.

The link for this article located at SecurityFocus is no longer available.